Software / code / prosody
Diff
core/certmanager.lua @ 6496:e4b998ffc922 0.9.6
certmanager, net.http: Disable SSLv3 by default
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 14 Oct 2014 18:55:08 +0100 |
| parent | 5921:f7601ce30cfc |
| child | 6501:71b6e8b48a12 |
line wrap: on
line diff
--- a/core/certmanager.lua Tue Oct 14 10:58:11 2014 +0100 +++ b/core/certmanager.lua Tue Oct 14 18:55:08 2014 +0100 @@ -33,7 +33,7 @@ local default_ssl_config = configmanager.get("*", "ssl"); local default_capath = "/etc/ssl/certs"; local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none"; -local default_options = { "no_sslv2", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil }; +local default_options = { "no_sslv2", "no_sslv3", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil }; local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" }; if ssl and not luasec_has_verifyext and ssl.x509 then
